[GLLUG] WAS: Re: Am I over-reacting to this?

Dylan dylan at dylan.me.uk
Mon Jan 20 13:47:48 UTC 2014


On 20/01/14 13:40, John Edwards wrote:
> Hi
>
> On Mon, Jan 20, 2014 at 01:27:08PM +0000, Jean van Wyngaardt wrote:
>> In the news today..
>>
>> http://www.bbc.co.uk/news/technology-25809208#?utm_source=twitterfeed&utm_medium=twitter
>>
>
> Technical details here:
> 	https://scotthelme.co.uk/ee-brightbox-router-hacked/
>
> But the description of this problem is different to John Winters'.
> This is the leakage of security information (including admin password
> and WPA keys) through the HTTP web interface, but it seems to only be
> available on the LAN side of the router by default.

Surely, in order to "push" an upgrade (which is presumably a software 
update) these routers must have some kind of WAN facing login as well?

Dx




More information about the GLLUG mailing list